Re: Announce loop-AES-v2.0c file/swap crypto package

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Petro Verkhogliad wrote:
> Is there a point to using loop-AES with kernel-2.6? CryptoAPI is in the kernel.
> Why not just use it?

1)  Loop-AES is about twice as fast on modern x86 boxes.
2)  Kernel 2.6 cryptoloop will not work properly with encrypted swap.
    Encrypted swap needs memory pre-allocation.
3)  kerneli.org and mainline versions are more than two years behind in
    security. Both have exploitable vulnerability that is best described as
    back door.
4)  Uncounted number of bugs fixed in loop-AES that still bite mainline.
5)  If Andrew Morton's loop changes get merged to mainline loop, kernel 2.6
    cryptoloop will no longer work reliably with journaled file systems.
    (same why reason I don't recommend using journaled file systems with
    file backed loops)

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD
-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/



[Index of Archives]     [Kernel]     [Linux Crypto]     [Gnu Crypto]     [Gnu Classpath]     [Netfilter]     [Bugtraq]
  Powered by Linux